<?php
$strUrlBack = isset($_SESSION[SESSION_BACKURL]) ? $_SESSION[SESSION_BACKURL] : HOST_BACKEND; 
if(!isset($AppUI->id)||
!isset($_SESSION['user'])||
(isset($_SESSION['user'])&&($_SESSION['user']&1<<2)==0)
) {
	redirect($strUrlBack);
}
$this->load->model('admin_model', 'admin');
// data input
$intUserId	        = $this->input->post('puserid', 0);
$strUsername        = $this->input->post('pusername', null);
$strPassword    	= $this->input->post('ppassword',null);			
$strConfirmPassword = $this->input->post('ppassword_confirm',null);
$lenPassword        = strlen($strPassword);
$arrErr             = array();
// validate manual	
//+ password
if(!isset($strPassword) || empty($strPassword))
    array_push($arrErr, $arrLocale['password_required']);
elseif(isset($strPassword) && $lenPassword < VL_PASSWORD_MINLENGTH) 
    array_push($arrErr, $arrLocale['password_minlength']);
elseif(isset($strPassword) && $strPassword != $strConfirmPassword)
    array_push($arrErr, $arrLocale['password_notmatch']);
//+ confirm password
if(!isset($strConfirmPassword) || empty($strConfirmPassword))
    array_push($arrErr, $arrLocale['password_confirm_required']);	

if(isset($arrErr) && count($arrErr)==0) {//allow save
    // unset session if exists
    if(isset($_SESSION['USER_ERROR'])) unset($_SESSION['USER_ERROR']);
    $this->load->model('user_model', 'user');	    
    $intError = $this->user->updatePassword($AppUI->id, $intUserId, md5($strPassword));
    if($intError==0) CI_Function::setMsg($arrMessage['save_change_pw']);
    elseif($intError==1) array_push($arrErr, $arrError['noperm_changepw']);        
}
// occur error

if (isset($arrErr) && count($arrErr) > 0) {
    $_SESSION['USER_ERROR']    = $arrErr;
    redirect(HOST_BACKEND . 'user/changepw?userid=' . $intUserId);
}
redirect($strUrlBack);